s3tables: Add upper bound validation for MaxTables parameter

MaxTables is user-controlled and influences gRPC ListEntries limits via
uint32(maxTables*2). Without an upper bound, very large values can overflow
uint32 or cause excessively large directory scans. Cap MaxTables to 1000 and
return InvalidRequest for out-of-range values, consistent with S3 MaxKeys
handling.
Chris Lu
2026-01-28 16:20:32 -08:00
parent 2d556ac2a5
commit e0da63fd0a


@@ -119,7 +119,7 @@ func (h *S3TablesHandler) handleCreateTable(w http.ResponseWriter, r *http.Reque
ModifiedAt: now,
OwnerAccountID: h.getAccountID(r),
VersionToken: versionToken,
Schema: req.Metadata,
Metadata: req.Metadata,
}
metadataBytes, err := json.Marshal(metadata)
@@ -286,6 +286,12 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
if maxTables <= 0 {
maxTables = 100
}
// Cap to prevent uint32 overflow when used in uint32(maxTables*2)
const maxTablesLimit = 1000
if maxTables > maxTablesLimit {
h.writeError(w, http.StatusBadRequest, ErrCodeInvalidRequest, "MaxTables exceeds maximum allowed value")
return fmt.Errorf("invalid maxTables value: %d", maxTables)
}
var tables []TableSummary
var paginationToken string
@@ -340,10 +346,11 @@ func (h *S3TablesHandler) handleListTables(w http.ResponseWriter, r *http.Reques
paginationToken = ""
} else if isAuthError(err) {
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "Access Denied")
return err
} else {
h.writeError(w, http.StatusInternalServerError, ErrCodeInternalError, fmt.Sprintf("failed to list tables: %v", err))
return err
}
return err
}
resp := &ListTablesResponse{
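Review bot: In the second hunk of handleListTables, the new check rejects only values above `maxTablesLimit`, while zero and negative MaxTables still fall through to the silent default of 100 just above it, so out-of-range input is handled in two different ways. The comment also says "Cap" although the code rejects the request. I would reword the comment to `// Reject oversized MaxTables: it feeds uint32(maxTables*2) and bounds the directory scan` and put the limit in the client message, e.g. `fmt.Sprintf("MaxTables must not exceed %d", maxTablesLimit)`, so callers can correct the request without guessing. If other list handlers in this package accept a similar user-supplied maximum (not visible in these hunks), a package-level constant would let them share the same bound. The function starts and ends outside the visible hunks.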